GHSA-CRHG-XGRG-VVCC a12nserver vulnerable to potential SQL Injections via Knex dependency

Impact Users of a12nserver that use MySQL might be vulnerable to SQL injection bugs. If you use a12nserver and MySQL, update as soon as possible. This SQL injection bug might let an attacker obtain OAuth2 Access Tokens for users unrelated to those that permitted OAuth2 clients. Patches The knex...

a12nserver vulnerable to potential SQL Injections via Knex dependency

Impact Users of a12nserver that use MySQL might be vulnerable to SQL injection bugs. If you use a12nserver and MySQL, update as soon as possible. This SQL injection bug might let an attacker obtain OAuth2 Access Tokens for users unrelated to those that permitted OAuth2 clients. Patches The knex...

PT-2023-18545 · Unknown +1 · Mysql Server +2

Name of the Vulnerable Software and Affected Versions: a12nserver versions prior to 0.23.0 Description: The issue affects users of a12nserver who use MySQL, making them potentially vulnerable to SQL injection bugs. This could allow an attacker to obtain OAuth2 Access Tokens for unrelated users. T...

PT-2022-7852 · Knex.Js · Knex.Js

Name of the Vulnerable Software and Affected Versions: Knex.js versions through 2.3.0 Description: The issue is a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query. This vulnerability has been fixed in version 2.4.0. Users of a12nserver that use...